Mountain Lion VPN problem?

47403 Views 38 Replies Latest reply: Sep 24, 2013 11:34 AM by jeknight RSS
Frazzler Level 1 (0 points)
Jul 26, 2012 4:03 AM

Since upgrading to Mountain Lion (10.8) my VPN that uses L2TP/IPSec with machine authentication with a certificate no longer works. My other VPNs seem OK, I just have a problem using authentication with certificates.

 

Does anyone else have this problem?

 

Here are my logs; the connection always seems to fail transmission with Main-Mode Message 5 every time.

 

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IPSec Phase1 started (Initiated by me).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 2).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 4).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).

Jul 26 11:52:35 XXXXXXXXXX-macbook-pro.local racoon[11746]: IPSec Phase1 started (Initiated by me).

Jul 26 11:52:35 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).

Jul 26 11:52:38 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Phase1 Retransmit).

Jul 26 11:52:41 --- last message repeated 1 time ---

Jul 26 11:52:41 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 2).

Jul 26 11:52:41 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).

Jul 26 11:52:42 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 4).

Jul 26 11:52:42 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).

Jul 26 11:53:11 XXXXXXXXXX-macbook-pro.local pppd[11745]: IPSec connection failed

Jul 26 11:53:11 XXXXXXXXXX-macbook-pro.local racoon[11746]: IPSec disconnecting from server 138.XXX.X.X

Macbook Pro 17" (mid 2009), Mac OS X (10.6.1), MacBookPro5,2
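
In IKEv1 Main Mode, messages 1 to 4 negotiate the SA and exchange keys, and message 5 is where the initiator authenticates, which with certificate authentication means signing with its private key. The following added example (not part of the original post; the sample log is constructed in the same format, and the function and field names are illustrative) reports where each Phase 1 attempt in a racoon log stops:

```python
import re

# IKEv1 Main Mode payloads per message (RFC 2409). With certificate
# (signature) authentication, message 5 is the first one the initiator
# must sign with its private key.
STAGE = {
    1: "SA proposal", 2: "SA proposal",
    3: "key exchange and nonce", 4: "key exchange and nonce",
    5: "identity and authentication", 6: "identity and authentication",
}

PACKET = re.compile(
    r"racoon\[\d+\]: IKE Packet: (transmit|receive) (success|failed)\. "
    r"\(Initiator, Main-Mode [Mm]essage (\d)\)"
)

# Constructed sample, modelled on the log format in the post above.
SAMPLE_LOG = """\
Jul 26 11:52:34 host.local racoon[11746]: IPSec Phase1 started (Initiated by me).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
"""

def phase1_failures(log_text):
    """Return a dict for each failed Main-Mode packet in a racoon log."""
    failures, last_ok = [], 0
    for line in log_text.splitlines():
        if "IPSec Phase1 started" in line:
            last_ok = 0  # new attempt: forget progress of the previous one
            continue
        m = PACKET.search(line)
        if not m:
            continue
        direction, result, n = m.group(1), m.group(2), int(m.group(3))
        if result == "success":
            last_ok = n
            continue
        failures.append({
            "message": n, "direction": direction, "last_ok": last_ok,
            "stage": STAGE.get(n, "unknown"),
            # Only the initiator's own message 5 needs the local private key.
            "needs_local_key": n == 5 and direction == "transmit",
        })
    return failures

if __name__ == "__main__":
    for failure in phase1_failures(SAMPLE_LOG):
        print(failure)
```

A failure with `last_ok` of 4 and `needs_local_key` set means SA negotiation and key exchange completed and the attempt stopped at the first step that uses the local private key.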
  • msltx Level 1 (10 points)
    Jul 26, 2012 10:51 AM (in response to Frazzler)

    I have the same problem after upgrading from Lion to Mountain Lion. What I did is open Keychain Access and grant the VPN certificate (the private key part) to allow for all applications to access.

  • kremik Level 1 (0 points)
    Jul 26, 2012 1:55 PM (in response to msltx)

    Hallelujah - This solved the problem for me as well! Thanx a lot msltx!

    MacBook Air, OS X Mountain Lion
  • Adnanm Level 1 (0 points)
    Jul 26, 2012 11:44 PM (in response to Frazzler)

    I am a bit new at this. I used to have seamless VPN access to my work computer, but when I upgraded to ML it all screwed up.

    I use Viscosity for VPN and then Windows RDC to connect to my work computer. Now when I connect through Viscosity it tells me that I am connected to my work server, but when I try to use RDC it can't connect. At the same time, while I am connected to VPN via Viscosity, my internet stops working. I don't know what is going on, but it is too frustrating for me.

    Anyways, can you please tell me how I can grant the VPN certificate (the private key part) to allow for all applications to access?

    Thanks

  • 3g91ld3a Level 1 (0 points)
    Jul 27, 2012 2:16 PM (in response to Frazzler)

    I'm experiencing the same issue on OSX 10.8 with certificates-based L2TP over IPsec VPN with MS-CHAPv2 for PPP, but the identified solution did not resolve the issue for me. /var/log/system.log shows the same as the OP. I've seen previous posters who had PPP issues using CHAP or PAP, but MS-CHAPv2 should "just work" OOB on the native client.

  • 3g91ld3a Level 1 (0 points)
    Jul 27, 2012 3:34 PM (in response to 3g91ld3a)

    I've been testing and determined the issue is definitely certificate related. Using PSK-based L2TP over IPsec with MS-CHAPv2 for PPP works just fine. However, the introduction of the certificate borks it. Any ideas?

  • Schmokolowski Level 1 (0 points)
    Jul 28, 2012 2:57 AM (in response to Frazzler)

    Thank you very much, you're my hero of the day, VPN is now working as it did before!

  • jippeh Level 1 (5 points)
    Jul 31, 2012 3:58 AM (in response to msltx)

    The solution works indeed, but adds a security risk by allowing all application access to the private key. Better would be to _only_ allow the VPN client (racoon) access.

     

    So instead of choosing the option "Allow all applications to access this item", you should use the option "Always allow access by these applications:" and select racoon. The path of the executable is /usr/sbin/racoon.

     

    Pro tip: if you don't see the /usr folder when browsing for the executable, use the Show hidden files shortcut: cmd-shift-. (cmd-shift-dot).

  • greg.shaw Level 1 (0 points)
    Aug 2, 2012 1:59 AM (in response to Frazzler)

    My problem with it: I can access the VPN okay. However, when I then try to access my organisation's web pages, they will not load. Other web pages are OK. The problem is the same no matter whether I am on the internal network or coming in from outside the network. When I turn the VPN off it is OK. I use the built-in VPN in Mountain Lion. The previous OS was fine.

  • greg.shaw Level 1 (0 points)
    Aug 2, 2012 4:01 PM (in response to Frazzler)

    As I said my VPN connection works fine -- It shows I am connected, but consequently I can not then access the actual organization's web site. Web pages are hosted in the organization - www.cdu.edu.au

  • Nuno Barreto Level 1 (0 points)
    Aug 6, 2012 2:17 AM (in response to Frazzler)

    I have the same problem, but my case is a bit different, since my certificates do not show in Keychain Access. They are stored in /private/etc/cert.

    Any idea how I could solve that problem in this case?

  • Nuno Barreto Level 1 (0 points)
    Aug 6, 2012 2:38 AM (in response to Nuno Barreto)

    path certificate "/private/etc/cert" in /etc/racoon/racoon.conf
